Jan. 5th, 2010

reddragdiva

A question for work. We can ssh into our intranet via a particular host (call it foo). I'm using the Lotus Notes webmail (which is 1000% nicer than the software client, and I now use it all the time by preference) and can easily access our internal IRC, source control and intranet websites via ssh tunnelling.

The intranet website access requires foo to be running a proxy. This is of course easy in Apache 2.0:

ProxyRequests On
ProxyVia On
ProxyDomain .internal.example.com

<Proxy *>
Order deny,allow
Deny from all
Allow from 172.26 10.1 localhost
</Proxy>

172.26.*.* and 10.1.*.* are intranet IPs. (Yes, we have multiple RFC-1918 ranges.)

All well and good. However, foo can thus be used as a proxy to access outside websites, in a manner that bypasses our WebSense filter (which is running as a transparent proxy). WebSense is inherently patronising and braindead rubbish that is not fit for purpose, but we don't want to upset the IT department unduly, and outside access is not after all what the proxy is there for. Also, not all intranet sites are in .internal.example.com — I need access control based on IP range.

So — how do I tell the proxy to only allow itself to be used for access to intranet IP ranges? What manual page did I miss?

(I could carefully construct a ProxyBlock entry to block everything except our ranges, but that's more than a little laborious. I could do it server-by-server using ProxyPass, but that's way too much like work and I can't be sure my whitelist would ever be complete — I just want to allow it to proxy to intranet IP ranges but not to other IPs.)

Has anyone done this? How did you do it?
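One way to do it with mod_proxy's own URL-matching sections, as an added example rather than anything from the original post: the catch-all <Proxy *> block denies every destination, and a <ProxyMatch> block re-opens only URLs whose host is written as a 172.26.x.x or 10.1.x.x address or lies under .internal.example.com, and only for intranet clients. The module set and the exact domain are assumptions.

```apache
# Added example, not the post's own configuration. Assumes Apache 2.0/2.2 on
# "foo" with mod_proxy, mod_proxy_http and mod_access loaded.
ProxyRequests On
ProxyVia On

# Default for every destination: nobody may proxy to it.
<Proxy *>
    Order deny,allow
    Deny from all
</Proxy>

# Exception, merged over the block above: destinations given as an intranet
# address or as a name under .internal.example.com (assumed domain), and only
# when the client itself is on an intranet range or the box itself.
<ProxyMatch "^http://(172\.26\.[0-9]+\.[0-9]+|10\.1\.[0-9]+\.[0-9]+|([^/:]+\.)?internal\.example\.com)(:[0-9]+)?/">
    Order deny,allow
    Deny from all
    Allow from 172.26 10.1 localhost
</ProxyMatch>
```

The match is made against the URL as the client sent it, not the address it resolves to, so a hostname outside .internal.example.com that happens to resolve into an intranet range is still refused until its domain is added to the pattern. Outside sites, including CONNECT tunnels, fall through to the <Proxy *> denial.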
